apt37

The Attack Isn't Coming From a Stranger. It's Coming From Your GitHub Notifications.

John Z Black Apr 14, 2026

Threat Intelligence #apt37 #north-korea #phishing #github #jira #social-engineering #pushpaganda #google-discover

Four active campaigns documented today share one design principle: the attack arrives from something the target already trusts. APT37 builds friendships on Facebook first. Attackers abuse GitHub and Jira notifications to deliver phishing links that pass SPF, DKIM, and DMARC. A fake rocket alert app spies on people in a conflict zone. AI-generated articles seed Google Discover with scareware.